Slide 1: Wireless LAN Security
This slide set includes information not in the textbook chapter.
CSH6 Chapter 33 “Wireless LAN Security”, Gary L. Tagg & Jason Sinchak
Copyright © 2020 M. E. Kabay. All rights reserved.

Slide 2: Topics
- Introduction
- 802.11 Security Fundamentals
- IEEE 802.11 Robust Security Network
- Fundamental Wireless Threats
- Specific Wireless Security Attacks
- Mitigating Controls
- Secure Enterprise Design
- Secure Auditing Tools

Slide 3: Introduction
- Scope
- Corporate Use of Wireless LANs
- Functional Benefits of Wireless
- Security Benefits of Wireless
- Centralized Management
- Overview & History of IEEE 802.11 Standards

Slide 4: Scope
- Massive adoption of IEEE 802.11 wireless LANs
- Mobility, flexibility, rapid deployment, costs
- New opportunities for unauthorized access
- Purpose of chapter
  - Introduce wireless technologies
  - Present issues
  - Offer ways of addressing issues
  - Open-source and commercial tools for auditing wireless networks

Slide 5: Corporate Uses of Wireless LANs
- Offices, plants, schools
  - Employee access throughout area (campus, warehouse…)
  - Meeting rooms
  - Access for external consultants, visitors
  - Work outside normal desk area (e.g., café)
  - Managers can show employees laptop display
  - Reduce voice telecom costs using VoWLANs
- Public hot spots
  - Hotels, coffee shops, airports…
    - Increased mobile work
- Rapid deployment: no cabling (esp. in older buildings or historical sites), avoid underground cabling

Slide 6: Functional Benefits
- Mobility; e.g.,
  - Warehouses
  - Shop floors
  - Hospitals
- Flexibility
  - Public hotspots widespread
  - Access outside corporate property
  - Access for visitors to corporate buildings
- Cost reductions
  - Reduce physical network infrastructure
  - Overloads handled automatically by shifting to nearby access points (APs)
  - Virtual LANs (VLANs) can use Service Set Identifiers (SSIDs) more easily than wired physical LANs

Slide 7: Security Benefits
- Physical security
  - Hide and shield APs
  - Contrast with physical network jacks, which must be visible to all
- Segmentation visibility
  - Wired networks usually use Media Access Control (MAC) addresses
    - Define VLANs (virtual LANs) for specific areas or groups
    - Can be spoofed
    - Limit users to specific physical area
  - But wireless networks can assign per-SSID VLANs
    - Accessible anywhere in wireless environment

Slide 8: Centralized Management
- Wireless controllers can configure groups of APs
- Configure a single image for thin-client APs
- User directory through Extensible Authentication Protocol / Remote Authentication Dial In User Service (EAP-RADIUS)
- Mesh of APs can support security monitoring
  - Wireless intrusion-detection systems (IDS)

Slide 9: Overview & History of IEEE 802.11 Standards
- History
  - Early 1990s: limited use of commercial protocols
  - Late 1990s: adoption of ANSI/IEEE 802.11 standard
    - Baselines for interoperable products
  - 1999: 802.11b (11 Mbps)
  - 802.11a (54 Mbps) & 802.11g raised wireless bandwidth to equal wired Ethernet LANs
  - 802.11n (2009)
    - 600 Mbps bandwidth
    - Compatible with 802.11b
    - 5 GHz band

Slide 10: Home Use of Wireless LANs
- Wireless LAN networking grew explosively in 2000s
- Many homes use more than one computer
- Broadband Internet encourages telecommuting
- Computers can be away from telephone points
  - Avoid running cables
- Wireless equipment no longer expensive

Slide 11: Architecture & Product Types
- 802.11 Components
- 802.11 Network Architecture
- 802.11 Physical Layer
- Wireless LAN Product Types
- Benefits of Wireless Switch/Access Controller Architecture
- Security Benefits of Wireless Switch/Access Controller Architecture
See RFC 4118 “Architecture Taxonomy for Control and Provisioning of Wireless Access Points (CAPWAP)”: http://www.faqs.org/ftp/rfc/pdf/rfc4118.txt.pdf

Slide 12: 802.11 Components
- Stations (Sta)
- Access points (AP)
- Basic service sets (BSS)
  - 1 or more Sta linked to single AP
- Independent BSS (IBSS)
  - Ad hoc NW
  - Point to point (mesh)
- Extended service set (ESS)
  - Interconnected BSS + LANs = 1 BSS to Sta
- Distribution system (DS) & portal
  - Connect APs to form ESS
  - Portal: connects wired LAN with 802.11 NW

Slide 13: 802.11 Network Architecture
- OSI ISO reference model
  - 802.11 provides services at physical & data link layers
- 802.11 layers
  - Physical (radio)
  - Medium Access Control
  - Logical Link Control

Slide 14: 802.11 Physical Layer
- 802.11 Infrared (2 Mbps)
- 802.11 FHSS (frequency-hopping spread spectrum)
  - 2 Mbps radio link in 2.4 GHz band
  - Defines 79 channels (1 MHz each)
- 802.11 DSSS (direct sequence spread spectrum)
  - Also 2 Mbps radio link in 2.4 GHz
  - Spreads data over 14 channels (5 MHz each)
  - Increases bandwidth but limits channels to 3 in practice
- 802.11b DSSS (11 Mbps)
- 802.11 OFDM (orthogonal frequency division multiplexing): 54 Mbps in 5 GHz band
- 802.11g: OFDM in 2.4 GHz band for 54 Mbps
- 802.11n: 600 Mbps (IEEE working group)
  - 4 streams @ 40 MHz
  - Still under development (2009)

Slide 15: Wireless LAN Product Types (1)
- AP contains all functionality (“fat” APs)
  - SOHO (small office/home office) users
  - Managing multiple fat APs became complex
- LWAP (lightweight AP)
  - Also use wireless switches in NW
  - Vendors developed different protocols
  - IETF working group: Control & Provisioning of Wireless Access Points (CAPWAP)
    - RFC 3390: problem definition
    - RFC 4118: taxonomy
    - Developed CAPWAP protocol for interoperability

Slide 16: Wireless LAN Product Types (2)
- Wireless mesh networks
  - Fat & LWAPs physically connected to wired NW (Internet access, LAN)
  - But wireless mesh design has point-to-point connections among APs
  - Much reduces cabling & deployment costs
  - IEEE established 802.11s working group

Slide 17: Benefits of Wireless Switch / Access Controller Architecture
- Ease of deployment & management
- RF management
- Load-balancing users
- Simplified guest networking
- Fast roaming
- Layer 3 roaming (single IP address throughout campus)
- QoS (quality of service)
- Unification of wired & wireless
- AAA (authentication, authorization, accounting)
- Integration with older non-Wired-Equivalent-Privacy (WPA/WPA2) equipment

Slide 18: Security Benefits of Wireless Switch / Access Controller Architecture
- User & device authentication
  - Only authorized users allowed
- Access control
  - Can assign user to specific VLAN
  - Handles guest access easily
- Inbuilt wireless intrusion detection & prevention
  - Can analyze every packet
- Rogue AP detection
  - Scan for unauthorized APs
  - Triangulate signals received at several APs
  - Some products can actively remove rogue APs

Slide 19: Wireless LAN Security Threats
General taxonomy of threats to networks
- Eavesdropping
- Masquerading (spoofing)
- Message modification (MITM attacks)
- Replaying
- Denial of service
- Exploiting flaws in design, implementation or operation
- Cracking

Slide 20: Comparison Between Wired & Wireless
- Wireless NWs subject to long-distance penetration
  - High-gain aerials
  - Modified household satellite TV antennas
  - Cheap commercial products
- Corporate wired NWs generally protected
  - Firewalls
  - VPNs
- Wireless NWs much less secure
  - Easy to access by unauthorized people in street, parking area (or hill 20 miles away)
  - War-driving = roaming to find unprotected WAPs
- Operational management
  - Wired NWs usually run by professional IT personnel
  - Wireless NWs often installed by amateurs
  - Risk when WAPs attached to the NW without authorization

Slide 21: Specific Threats Enabled by Wireless LANs
- Early 802.11 standards have security that has been completely broken
- 802.11i standard enhanced security BUT
  - New equipment includes compatibility with older standards
  - New security functionality generally not enabled by default
- Key security issues in “broken” 802.11 standards summarized on next slides

Slide 22: 802.11 Security Issues
- Wireless NWs available outside physically controlled areas (use radio waves)
- NWs broadcast their existence
- Devices, not users, are authenticated (so stolen equipment usable)
- Original protocols easily broken
- Authentication is 1-way (client does not authenticate AP, which allows rogue APs)
- WEP compromised
- Message integrity check value (ICV) easily defeated using simple bit-flipping attacks
- Messages can be replayed without detection
- Admins install wireless LANs using default settings
- Wireless LANs use same keys for all users (so users can eavesdrop on each other)
- Public hot spots reveal confidential data

Slide 23: Specific Threats
- War-Driving
- War-Chalking
- Dealing with War Drivers
- Laptops with 802.11
- Neighbors
- Hot Spots

Slide 24: War-Driving
- Peter Shipley (2000)
- Drive/walk around with wireless NW equipment
  - Laptop or handheld computer (smart phone)
  - Wireless access card & software
- Results of early studies
  - >60% of wireless NWs: default configuration
  - 15% used WEP
  - Most WLANs linked directly to corporate backbone
    - Should have been to DMZ
    - So 85% of WLANs gave unauthorized access to core NWs

Slide 25: War-Chalking
- Criminal hackers were marking pavement or wall showing availability of unprotected WAPs
- Activity has pretty much died out
- So easy to locate networks using, say, smart phone
Image: warchalking symbols, http://upload.wikimedia.org/wikipedia/commons/e/e6/Warchalking.svg (used without requiring permission; material defined as in public domain)

Slide 26: Dealing with War Drivers
- Video surveillance
- Brief physical/facilities security staff on recognizing war drivers
  - Stationary
  - Working on laptop
  - Pedestrians obvious; in car not so obvious
- Keep track of cars parked near building
- But in cities, war drivers can sit in coffee shops!
- MUST secure networks properly

Slide 27: Laptops & Phones with 802.11 (1)
- Even low-end laptops have wireless capability
- Smart phones equipped
- Windows XP/7 WLAN client monitors for networks
  - May connect automatically
  - Significant problem for employees connecting to corporate networks from home, travel
  - Rogue APs can take advantage of automatic connection
- Wireless units send out probes with identification of home network
  - So attacker can configure rogue AP
  - E.g., Linux-based HostAP
  - Once connected to laptop, attacker can scan for unprotected files, VPN tunnels to home system

Slide 28: Laptops with 802.11 (2)
- Microsoft ActiveSync
  - Connect mobile PDAs, phones to host, NW
    - Access e-mail
    - Browse files
  - Can connect over WLAN
  - So attacker can use laptop as wireless proxy server
- Windows XP
  - Mesh NW (IBSS) allows connection from attacker’s device to any corporate unit
  - Many people inadvertently share their C: drive by default
  - Even configure their firewall to allow share

Slide 29: Neighbors
- In cities, offices share buildings
- Can detect WLANs in adjacent buildings
- Attackers typically piggyback on other people’s NWs
- Can also connect employees to wrong NW by mistake
  - Misuse of Internet bandwidth
  - Access to sensitive information
  - Vulnerability to sabotage
- Access by criminals can be serious
  - P2P file sharing or spamming can eat up bandwidth
  - Can also lead to criminal prosecution of victim of piggybacking
- Illegal ISP sharing
  - Some naïve users deliberately share their ISP connections to Internet (e.g., ADSL) using wireless router: violation of TOS (terms of service)
  - Can lead to civil prosecution for violation of contract

Slide 30: Neighbors (figure only)

Slide 31: Hot Spots
USE VPN TECHNOLOGY (see CSH6 Chapter 32)
- Many commercial access points in restaurants, coffee shops, bookstores, airports, conferences…
  - Completely open (no encryption)
  - Therefore allows capture of confidential unencrypted data
- Research at Planet Expo (Boston, 2003)
  - Tiny % of wireless traffic encrypted
  - Significant criminal-hacker activity
    - 149 active war-driving scans
    - 105 DoS attacks
    - 32 attempted MITM attacks
- Airsnarf: example of program allowing criminal to become a rogue AP (steal user IDs, passwords)

Slide 32: Original 802.11 Functionality
- 2 security systems
  - 802.11 (1999) defined Wired Equivalent Privacy (WEP): inadequate
  - 802.11i defined WPA (Wi-Fi Protected Access) & WPA2
- Topics
  - Security Functionality
  - Connecting to a Wireless Network & Authentication
  - Defending Against the WEP Vulnerability

Slide 33: Security Functionality
Original 802.11 standard provided for
- Authentication: 2 different algorithms
  - Open authentication
  - Shared-key authentication
- Confidentiality/privacy using WEP
  - Wired Equivalent Privacy
  - Encrypts data using keys on station
- Integrity
  - CRC-32 Integrity Check Value (ICV)
  - CRC = cyclic redundancy code

Slide 34: Connecting to a Wireless NW & Authentication (1)
- Fundamental issue
  - Wired NWs can use physical controls to prevent/reduce unauthorized connections
  - Wireless NWs must rely on protocol for defenses
- Overview
  - Sta (station) must first detect NW
    - Passive mode: listen for beacon frames
      - Regularly transmitted by APs
  - Active mode: Sta sends probe requests
    - Sta return probe response
    - Often configure Sta to respond only to valid probe requests with valid NW identifier

Slide 35: Connecting to a Wireless NW & Authentication (2) (figure only)

Slide 36: Connecting to a Wireless NW & Authentication (3)
Topics on following slides
- Open Authentication
- Shared-Key Authentication
- WEP
- Fluhrer, Mantin & Shamir (FMS) Attack
- Developments Since the FMS Attack

Slide 37: Open Authentication
- Default mechanism in 802.11 (& the only required one)
  - Described as null algorithm
  - Sta provides identity
  - AP returns success or failure report
  - AP does not attempt to verify identity of Sta!
- Further refinements
  - Most implementations include ACL (access control list) in AP
  - Defines MAC (media access control) addresses for authorized Sta
  - But eavesdropper can capture MAC addresses & reprogram own Sta to spoof authorized unit

Slide 38: Shared-Key Authentication (SKA)
Optional protocol using WEP
1. Sta sends shared-secret key to AP
   - Contains IEEE MAC address
2. AP uses WEP to generate & return 128-byte random authentication challenge string
3. Sta copies challenge string into authentication data area in return message
   - Encrypts message using WEP
4. AP receives request from Sta
   - Decrypts Sta request using WEP
   - AP verifies ICV (integrity check value)
   - Compares received challenge string with sent challenge string
   - If both ICV & challenge string OK, sends success

Slide 39: Security Issues with SKA (1)
- Designers recognized flaws
- Both cleartext & encrypted versions of challenge string transmitted during negotiation
  - Thus attacker can capture both & crack pseudo-random number (PRN) sequence used to create authentication challenge (see previous slide)
  - “Implementations should therefore avoid using the same key/IV pair for subsequent frames.”
- Borisov, Goldberg & Wagner’s analysis
  - SKA key stream established for each session between AP & specific Sta
  - But MITM attack can re-use fixed cryptographic elements without knowing original WEP key that starts process

Slide 40: Security Issues with SKA (2)
- 128-byte challenge can be re-used by Sta
- Therefore attacker can
  - Encrypt any string ≤ 128 bytes using known IV (initialization vector)
  - Inject messages into data stream
  - Send commands (e.g., ping) to generate more matching IVs & key streams
  - E.g., support dictionary attack on MACs
- RESULT: SKA PROTOCOL SHOULD NOT BE USED

Slide 41: WEP (Wired Equivalent Privacy)
- Defined in
  - IEEE 802.11b § 8.2
  - Also in 802.11i
- Topics on next slides
  - Properties of RC4 Stream Cipher
  - WEP Protocol
  - WEP Keys
  - Problems with WEP
  - Key Management
  - Problems with Key Management
  - Default WEP Keys

Slide 42: Properties of RC4 Stream Cipher
- RSA (originally named for Rivest, Shamir & Adleman)
- RC4 = “Ron’s Code” or “Rivest’s Cipher” #4
  - Stream cipher
  - XOR key bytes with plaintext
  - No propagation of errors (unlike block ciphers)
- Stream ciphers vulnerable to known-plaintext attacks
  - Encrypt known plaintext with key
  - Then XOR plaintext with ciphertext to recover key stream
  - Can then insert spoofed messages using key
(Photo: Ron Rivest)

Slide 43: WEP Protocol (figure only)

Slide 44: WEP Keys
- IEEE 802.11 stipulates 4 default keys for each Sta
  - Numbered 0, 1, 2 & 3
  - Each 40 bits
- Combine 1 of keys with 24-bit IV = 64-bit key
  - Used for RC4 computations as keystream
- But modern products use non-standard 104-bit keys
  - Combined with 24-bit IV = 128-bit key

Slide 45: Problems with WEP (Borisov, Goldberg & Wagner) (1)
- 40-bit standard keys too short to prevent brute-force cracking (with today’s CPU speeds)
  - Solved by de facto standard of 104-bit keys
- Key stream re-used
  - Therefore open to known-plaintext attacks
  - PLUS XOR of 2 separate ciphertexts encrypted by same stream cipher = 2 plaintexts XOR’d
    - Vulnerable to cryptanalysis
- No specified key management protocol
  - And ad hoc vendor-supplied KM protocols often weak
(cont’d)
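The two stream-cipher facts behind slides 39, 40, 42, 44 and 45 (a known plaintext under a given IV reveals that IV's keystream, and two frames under the same IV and key leak the XOR of their plaintexts) are easy to see in code. The block below is an added example, not code from the slides or from CSH6; it builds a toy WEP-style frame on a from-scratch RC4 with the sizes the slides give (40-bit key, 24-bit IV, RC4 seeded with IV || key). The key, IV and payloads are constructed, and the ICV is left out here.

```python
# Added example (not from the slides or CSH6 chapter 33): a toy WEP-style frame
# on a from-scratch RC4. It shows why the SKA challenge exchange gives away a
# keystream and why IV reuse under one key is fatal for confidentiality.
# Sample key, IV and payloads are constructed for the demo.


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (key scheduling, then generation)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < n:                       # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key and sends the 24-bit IV in clear ahead of
    the ciphertext. The CRC-32 ICV is omitted; the integrity example covers it."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor_bytes(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext (the SKA challenge is seen in clear, then encrypted):
    ciphertext XOR plaintext is the keystream for that IV; the key is never needed."""
    return xor_bytes(frame[3:], known_plaintext)


def plaintext_xor_from_reuse(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same (IV, key): C_a XOR C_b == P_a XOR P_b, since
    the identical keystream cancels. Refuses frames whose IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("different IVs: keystreams are independent")
    return xor_bytes(frame_a[3:], frame_b[3:])


def demo() -> dict:
    """Run both checks on constructed inputs and report what an observer learns."""
    key = bytes.fromhex("0102030405")        # constructed 40-bit WEP key
    iv = bytes.fromhex("aabbcc")             # constructed 24-bit IV
    challenge = bytes(range(32))             # stands in for an SKA challenge
    ks = recover_keystream(wep_encrypt(key, iv, challenge), challenge)
    p1 = b"meeting moved to room 204 today!"
    p2 = b"quarterly figures attached here!"
    leaked = plaintext_xor_from_reuse(wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2))
    return {
        "keystream_recovered": ks == rc4_keystream(iv + key, 32),
        "plaintext_xor_leaked": leaked == xor_bytes(p1, p2),
    }


if __name__ == "__main__":
    print(demo())
```

`plaintext_xor_from_reuse` refusing mismatched IVs is the point of the 24-bit IV discussion that follows: the leak exists only when an IV repeats under the same key, which is exactly what a busy network with a single shared key guarantees.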

Slide 46: Problems with WEP (Borisov, Goldberg & Wagner) (2)
- Replay attacks (message modification)
  - Demonstrated that encryption too weak to prevent changes in encrypted payload without altering checksum
  - So can inject altered payload
- Message injection
  - Obtain key stream by XORing known plaintext with its encrypted ciphertext version
  - Then XOR new message with key stream
  - Inject spoofed packets into data stream
    - Due to use of weak CRC-32 algorithm
    - Would be improved by using SHA-1 HMAC (hashed message authentication code)
(cont’d)
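The "weak CRC-32" point on this slide comes down to one algebraic property: CRC-32 is linear over XOR, so a receiver that only checks an encrypted CRC cannot tell a modified frame from an original, while a keyed HMAC can. The block below is an added example, not from the slides or the chapter; it pairs a WEP-style receiver with an HMAC-SHA-1 receiver and runs the same bit change against both. The keystream is a constructed stand-in (SHAKE-128 of a demo key and the IV) rather than RC4, because only the XOR structure matters; the keys, IVs and payloads are constructed.

```python
# Added example (not from the slides or CSH6 chapter 33): why an encrypted CRC-32
# ICV cannot detect modification while an HMAC does. Stand-in keystream, constructed
# keys and payloads; the frame layout IV || E(payload || ICV) mirrors WEP.
import hashlib
import hmac
import zlib

DEMO_WEP_KEY = b"demo-wep-key"          # constructed; seeds the stand-in keystream only
TAG_LEN = hashlib.sha1().digest_size    # 20 bytes for HMAC-SHA-1


def keystream(iv: bytes, n: int) -> bytes:
    # Any stream cipher has the XOR property used below; SHAKE is just deterministic.
    return hashlib.shake_128(DEMO_WEP_KEY + iv).digest(n)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_bytes(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")


def crc32_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32(a XOR b) == CRC-32(a) XOR CRC-32(b) XOR CRC-32(zeros of the same length)."""
    lhs = zlib.crc32(xor_bytes(a, b))
    rhs = zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))
    return lhs == rhs


def wep_style_encrypt(iv: bytes, payload: bytes) -> bytes:
    """Frame = IV || E(payload || CRC-32(payload)), as in WEP."""
    body = payload + crc32_bytes(payload)
    return iv + xor_bytes(body, keystream(iv, len(body)))


def wep_style_verify(frame: bytes):
    """WEP-style receiver: decrypt, recompute CRC-32, compare. Payload or None."""
    iv, enc = frame[:3], frame[3:]
    body = xor_bytes(enc, keystream(iv, len(enc)))
    payload, icv = body[:-4], body[-4:]
    return payload if crc32_bytes(payload) == icv else None


def modify_wep_frame(frame: bytes, delta: bytes) -> bytes:
    """The Borisov/Goldberg/Wagner observation: XOR `delta` into the encrypted
    payload and the matching CRC delta into the encrypted ICV. No key is used,
    and wep_style_verify still accepts the result."""
    iv, enc = frame[:3], frame[3:]
    n = len(enc) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole payload")
    icv_delta = xor_bytes(crc32_bytes(delta), crc32_bytes(bytes(n)))
    return iv + xor_bytes(enc[:n], delta) + xor_bytes(enc[n:], icv_delta)


def hmac_frame_encrypt(iv: bytes, payload: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC: IV || E(payload) || HMAC-SHA1(mac_key, IV || E(payload))."""
    body = iv + xor_bytes(payload, keystream(iv, len(payload)))
    return body + hmac.new(mac_key, body, hashlib.sha1).digest()


def hmac_frame_verify(frame: bytes, mac_key: bytes):
    """HMAC receiver: reject on any change to IV or ciphertext, then decrypt."""
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha1).digest(), tag):
        return None
    iv, enc = body[:3], body[3:]
    return xor_bytes(enc, keystream(iv, len(enc)))


def modify_hmac_frame(frame: bytes, delta: bytes) -> bytes:
    """The same ciphertext change against the HMAC frame; the tag cannot be
    fixed up without mac_key, so the receiver drops the frame."""
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return body[:3] + xor_bytes(body[3:], delta) + tag
```

The HMAC variant is the slide's suggested fix in its simplest form; what matters for the comparison is that the tag depends on a secret key and is not linear in the data, so the CRC fix-up has no counterpart.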

Slide 47: Problems with WEP (Borisov, Goldberg & Wagner) (3)
- IP redirection
  - Capture packet from Sta
  - Alter destination address to send to attacker’s host on Internet
  - Attacker’s host decrypts packet
  - Returns cleartext to attacker
- Reaction attack vs TCP
  - Flip one bit in captured TCP message
  - Send to TCP-based server
  - If TCP checksum still valid, server returns ACK; else no response
  - Thus server tests one bit at a time for cryptographic recovery of plaintext

Slide 48: Key Management
- Most WEP NWs use only 1 (the same) shared key (out of only 4) for all Sta
- Increases chances of initialization vector (IV) collisions & re-use of IV in attacks
- Lack of prescribed KM protocol has led to vendor- or implementation-specific protocols
- Many vendors rely on manual system to define keys: not manageable or scalable

Slide 49: Problems with Key Management
- Keys manually entered into each Sta
  - Many products display keys in plaintext
  - So then many people get to know the keys
- Difficult or impossible to coordinate change of keys
  - So many installations never change their keys at all
  - Thus attackers have lots of time for cryptanalysis
  - Former staff may know long-standing keys after departure from organization

Slide 50: Default WEP Keys
- Many manufacturers code default WEP keys into their equipment
- Equivalent to canonical passwords in other access-control situations such as application programs
- Attackers well familiar with default values
  - Netstumbler & Kismet identify manufacturer
  - Easy to enter known keys to break into NW
- DO NOT USE DEFAULT WEP KEYS!

Slide 51: Fluhrer, Mantin & Shamir (FMS) Attack (Aug 2001)
- Scott Fluhrer, Itsik Mantin & Adi Shamir
- Published paper on weaknesses in RC4
  - Speculated on attacking WEP
- Adam Stubblefield, John Ioannidis & Aviel Rubin (Aug 2001)
  - Described successful attack
  - Took only 2 hours to write script
  - Took few days to gather OTS HW & SW to recover WEP key
  - Need to collect ~5M packets (or as few as 1M)
  - Airsnort & WEPCrack use this attack method

Slide 52: Developments Since the FMS Attack
- Vendors responded to FMS & SIR papers
  - Dropped weak initialization vectors (IVs)
  - Developed new protocol: dynamic WEP (see later)
- But attackers quickly undermined all WEP security
  - Aug 6, 2004: “KoreK” posted chopper
    - Statistical attack does not depend on weak IVs
    - Requires only 100Ks of packets
    - Integrated into Airsnort & Aircrack tools
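Slides 48 and 52 describe two things a defender can actually measure on a WEP network: how quickly a 24-bit IV repeats under a single shared key, and whether stations are still emitting the FMS-class IVs vendors learned to skip. The block below is an added example, not from the slides or the chapter, of the per-key IV bookkeeping a WEP-aware wireless IDS or audit script would do. The frame records are constructed; "weak IV" here means the FMS-resolved class only (first byte B+3 for key byte index B, second byte 0xFF), which says nothing about the later KoreK statistics, which work on any IVs.

```python
# Added example (not from the slides or CSH6 chapter 33): per-key IV monitoring for
# WEP traffic, flagging IV reuse and FMS-class IVs, plus the birthday bound on
# how soon a 24-bit IV repeats. Capture records below are constructed.
from collections import defaultdict
from typing import Iterable, Tuple

IV_BITS = 24


def is_fms_weak_iv(iv: bytes, key_len_bytes: int) -> bool:
    """FMS-resolved IVs have the form (B + 3, 0xFF, x) for key byte index B."""
    return len(iv) == 3 and iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len_bytes


def iv_repeat_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Exact birthday bound: P(at least one repeated IV) after `frames` frames
    with IVs drawn uniformly from 2**iv_bits values. Counter-based IVs that
    restart at 0 on every reboot repeat sooner than this."""
    space = 2 ** iv_bits
    p_no_repeat = 1.0
    for k in range(frames):
        p_no_repeat *= (space - k) / space
    return 1.0 - p_no_repeat


def audit_wep_frames(frames: Iterable[Tuple[int, bytes]], key_len_bytes: int = 5) -> dict:
    """frames: (key index 0..3, 3-byte IV) per captured data frame, in capture order.
    Returns counts plus the positions of IV reuse and FMS-weak IVs."""
    seen = defaultdict(set)
    reused, weak = [], []
    total = 0
    for pos, (key_index, iv) in enumerate(frames):
        total += 1
        if iv in seen[key_index]:            # same IV under the same key: keystream reuse
            reused.append((pos, key_index, iv.hex()))
        seen[key_index].add(iv)
        if is_fms_weak_iv(iv, key_len_bytes):
            weak.append((pos, key_index, iv.hex()))
    return {
        "frames": total,
        "distinct_ivs_per_key": {k: len(v) for k, v in seen.items()},
        "iv_reuse": reused,
        "fms_weak_ivs": weak,
        "p_iv_already_repeated": iv_repeat_probability(total),
    }


SAMPLE_FRAMES = [                       # constructed capture summary, 40-bit key
    (0, bytes.fromhex("000001")),
    (0, bytes.fromhex("000002")),
    (0, bytes.fromhex("000001")),       # same IV, same key: flagged
    (1, bytes.fromhex("000001")),       # same IV, different key index: not reuse
    (0, bytes.fromhex("03ff10")),       # FMS-weak for key byte 0
    (0, bytes.fromhex("08ff00")),       # B + 3 = 8 is past a 5-byte key: not weak
]


if __name__ == "__main__":
    print(audit_wep_frames(SAMPLE_FRAMES))
    for n in (1000, 4000, 5000, 20000):
        print(n, round(iv_repeat_probability(n), 3))
```

The birthday figure is the useful operational number: with one shared key, a few thousand frames already make an IV repeat more likely than not, which is why slide 48 ties a single shared key to IV collisions.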

Slide 53: Defending Against WEP Vulnerabilities (1)
- Best defense: don’t use WEP at all!
  - Use 802.11i WPA (Wi-Fi Protected Access) or WPA2
- If you must use WEP, see Exhibit 33.7 in CSH6 (p. 33.21) for list of problems & countermeasures
- Exhibit 33.8 (next slide) summarizes safe topology for wireless networks using WEP
  - Note firewall between WAP & all other network components
- Further topics discussed below

Slide 54: Defending Against WEP Vulnerabilities (2) (figure only: Exhibit 33.8 topology)

Slide 55: Defending Against the WEP Vulnerabilities (3)
Further topics
- Additional Crucial Controls
- VPN & WEP
- AP Configuration
- AP Location
- Dynamic WEP
- Concluding Remarks on WEP
- Resolving Implementation & Operational Problems
- Remote Access & Public WAPs

Slide 56: Additional Crucial* Controls
- * Necessary procedural elements for WLAN security
- Effective patch management
- Regularly updated antimalware solution
  - Antivirus
  - Antispyware
- Only security-policy-compliant Sta may be connected to WLAN
  - Firewall
  - Patches
  - Antimalware

Slide 57: VPN & WEP
- Should one use WEP with a VPN?
- Not strictly necessary because VPN handles encryption satisfactorily
- But attackers may see NW without WEP as potentially unprotected
  - Can probe for weaknesses
  - Could launch/cause DoS
- So WEP serves as deterrent
  - Remember story of two hikers chased by grizzly
  - “This is crazy! We can’t outrun a grizzly bear!”
  - “I don’t have to outrun the grizzly: I just have to outrun you.”

Slide 58: AP Configuration
- Some WLANs configured to suppress SSID broadcast & not respond to broadcast probes
  - Theory is security by obscurity
  - Windows XP & simple war-driving tools (e.g., Netstumbler) will not see NW
- But more sophisticated attacker monitors actual traffic
- So these measures may cause more inconvenience for legitimate users than for attackers
- General principle: run secure WLAN & no unauthorized user will be able to join NW

Slide 59: AP Location
- Physical location of AP affects signal strength
- Places to position AP for better security:
  - Middle of room
  - 1st or 2nd floor of building
- Places to avoid placing AP:
  - Outside (street-facing) walls
  - Upper floors

Slide 60: Dynamic WEP
- Vendors introduced dynamic WEP keys
  - Established in 802.1X authentication exchange
  - Every Sta has own WEP key
  - AP changes key regularly
- Standard option in Windows XP client
  - “This key is provided for me automatically”
- Evaluation
  - Massive improvement over static WEP keys
  - But does not defend against active WEP attacks
- Recommendations
  - Use dynamic WEP keys BUT
  - Plan to move to more secure WPA or WPA2

Slide 61: Concluding Remarks on WEP
- “WEP is fundamentally broken.”
- New attacks constantly generated
- Avoid WEP if possible
- Use WPA or WPA2
- Or encrypt data (VPN) using IPsec or SSL

Slide 62: Resolving Implementation & Operational Problems
- Plan for security breaches
- Defend each component of NW
- Do not allow use of default configurations & default keys
- Recommendations
  - Issue corporate policy on WLANs
  - Publicize & enforce policy
  - Develop approved WLAN
    - Architecture
    - Configuration standards
    - Operating procedures
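The "configuration standards" item on this slide is only useful if it can be enforced, and the deck's WEP recommendations (slides 40, 50, 53, 58 and 60) translate directly into checks. The block below is an added example, not from the slides or the chapter: a small audit that grades an AP configuration against those recommendations. The configuration fields, the severity scale and the lists of "known default" SSIDs and keys are constructed for the example, not a vendor's real defaults list.

```python
# Added example (not from the slides or CSH6 chapter 33): grade AP settings against
# the deck's recommendations. Field names, severities and the default-value lists
# are constructed for the example.
from dataclasses import dataclass
from typing import List, Tuple

DEFAULT_SSIDS = {"default", "linksys", "netgear", "wireless"}   # constructed sample list
DEFAULT_WEP_KEYS = {"0000000000", "1234567890", "0102030405"}    # constructed sample list


@dataclass
class APConfig:
    name: str
    ssid: str
    security: str                 # "open" | "wep" | "dynamic-wep" | "wpa" | "wpa2"
    auth: str                     # "open" | "shared-key" | "802.1x" | "psk"
    wep_key_hex: str = ""         # only meaningful for static WEP
    ssid_broadcast: bool = True
    wlan_firewalled: bool = True  # firewall between WAP and the rest of the NW (slide 53)


def audit_ap(cfg: APConfig) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; an empty list means nothing to report."""
    findings = []
    sec = cfg.security.lower()
    if sec == "open":
        findings.append(("fail", "no encryption: traffic readable by anyone in range"))
    elif sec == "wep":
        findings.append(("fail", "static WEP is broken; move to WPA2 (WPA at minimum)"))
        key = cfg.wep_key_hex.lower()
        if key in DEFAULT_WEP_KEYS or len(set(key)) <= 1:
            findings.append(("fail", "WEP key is a manufacturer default or trivial pattern"))
        elif len(key) not in (10, 26):
            findings.append(("warn", "WEP key is neither 40-bit (10 hex) nor 104-bit (26 hex)"))
        elif len(key) == 10:
            findings.append(("warn", "40-bit WEP key is brute-forceable; 104-bit is the de facto minimum"))
    elif sec == "dynamic-wep":
        findings.append(("warn", "dynamic WEP beats static keys but still fails active WEP attacks; plan WPA2 migration"))
    elif sec == "wpa":
        findings.append(("warn", "WPA/TKIP is an interim step; vulnerable to offline dictionary attack"))
    elif sec != "wpa2":
        findings.append(("fail", f"unknown security mode {cfg.security!r}"))
    if cfg.auth.lower() == "shared-key":
        findings.append(("fail", "shared-key authentication must not be used; use open system auth with encryption, or 802.1X"))
    if cfg.ssid.lower() in DEFAULT_SSIDS:
        findings.append(("fail", "default SSID signals a default configuration"))
    if not cfg.ssid_broadcast:
        findings.append(("info", "hidden SSID is obscurity only; does not stop traffic monitoring and may inconvenience users"))
    if not cfg.wlan_firewalled:
        findings.append(("warn", "no firewall between WAP and internal NW; WLAN belongs in a DMZ"))
    return findings


def worst_severity(findings: List[Tuple[str, str]]) -> str:
    order = {"pass": 0, "info": 1, "warn": 2, "fail": 3}
    return max((sev for sev, _ in findings), key=order.get, default="pass")


SAMPLE_APS = [  # constructed
    APConfig("lobby-ap", "linksys", "wep", "shared-key", "0000000000", wlan_firewalled=False),
    APConfig("floor2-ap", "corp-guest", "wpa", "psk", ssid_broadcast=False),
    APConfig("floor3-ap", "corp-staff", "wpa2", "802.1x"),
]


if __name__ == "__main__":
    for ap in SAMPLE_APS:
        found = audit_ap(ap)
        print(f"{ap.name}: {worst_severity(found)}")
        for sev, msg in found:
            print(f"  [{sev}] {msg}")
```

Severity ordering matters more than the message text: a single "fail" (WEP, SKA, a default key or SSID) should block deployment under the policy, while "warn" and "info" items feed the migration plan.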

Slide 63: Policy (figure only)

Slide 64: Remote Access & Public WAPs
- Unsecured home network may circulate unencrypted traffic
  - So connecting unsecured network to corporate systems using encrypted links will still not protect data
  - Therefore use VPNs for connection to corporate NW
- But rogue hot spots dangerous
  - Criminal’s AP spoofs legitimate AP
  - Before establishing VPN
- Vendors working to implement secure protocols in hardware

Slide 65: Wi-Fi Alliance’s WPA & WPA2 Standards
- Wi-Fi Alliance
  - Non-profit organization
  - Certify interoperability of 802.11 products
  - Concerned about security weakness of WEP
- Created Wi-Fi Protected Access (WPA)
  - Subset of 802.11i (see § 33.5; not included in this IS 340 curriculum and these slides)
  - Uses Temporal Key Integrity Protocol (TKIP; see § 33.5.5 for details)
  - Vulnerable to offline dictionary attack
- WPA2 is equivalent to complete 802.11i
  - See Wi-Fi Alliance white papers at http://www.wi-fi.org

Slide 66: 802.11 Security Auditing Tools (1)
- Auditor & BackTrack
- Kismet
- Netstumbler
- Airsnort (old)
- CoWPAtty & Aircrack
- Ethereal
- Wellenreiter
- Commercial wireless auditing tools

Slide 67: 802.11 Security Auditing Tools (2)
- More detail than appropriate for IS 340
- See Exhibit 33.19 for synoptic table
- Read § 33.6 for details

Slide 68: Now go and study